package com.cskaoyan.config;

import com.cskaoyan.shiro.CustomAuthenticator;
import com.cskaoyan.shiro.AdminRealm;
import com.cskaoyan.shiro.WxRealm;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSourceAdvisor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;

/**
 * @BelongProject: mall35th
 * @BelongPackage: com.cskaoyan.config
 * @Author: zijin
 * @Createtime: 2021-12-02 星期四 11:29
 * @Description: todo
 */
@Configuration
public class ShiroConfig {
    /**
     * 获取安全管理器
     *
     * @return
     */
    @Bean
    public DefaultWebSecurityManager securityManager(List<Realm> realms, DefaultWebSessionManager sessionManager, CustomAuthenticator authenticator) {
        DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
        //securityManager.setRealm(realm);
        //如果要写自定义的认证器和授权其->继承默认的认证器和授权器
        securityManager.setSessionManager(sessionManager);
        //authenticator.setRealms(Arrays.asList(new Realm[]{realm}));
        //authenticator.setRealms(realms);
        securityManager.setAuthenticator(authenticator);
        securityManager.setRealms(realms);
        return securityManager;
    }

//    @Bean
//    public ShiroFilterFactoryBean shiroFilter(DefaultWebSecurityManager securityManager){
//        /**
//         * 上面注册为组件，后面参数就可以自动注入该对象
//         */
//        ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
//        shiroFilter.setSecurityManager(securityManager);
//        //key 请求url
//        //value filter -> anon(匿名)、authc(认证)、perms(授权)
//        //有序的map
//        LinkedHashMap<String, String> filterChainMap = new LinkedHashMap<>();
//        filterChainMap.put("/admin/auth/login","anon");
//        filterChainMap.put("/wx/auth/login","anon");
//        /**
//         * 微信小程序部分暂时全部放行
//         */
//        filterChainMap.put("/wx/**","anon");
//        filterChainMap.put("/admin/**","authc");
//        shiroFilter.setFilterChainDefinitionMap(filterChainMap);
//        return shiroFilter;
//    }


    /**
     * @Author Yr
     * shiroFilter
     */
    @Bean
    public ShiroFilterFactoryBean shiroFilter(DefaultSecurityManager securityManager) {
        //指定securityManager组件
        ShiroFilterFactoryBean filter = new ShiroFilterFactoryBean();
        filter.setSecurityManager(securityManager);
        //重定向登录页面
        filter.setLoginUrl("http://localhost:8080/#/login?redirect=%2Fdashboard");
        //指定filter
        LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
        //后台管理系统除登录界面都要认证
        filterChainDefinitionMap.put("/admin/auth/login", "anon");
        filterChainDefinitionMap.put("/admin/**", "authc");
        //微信小程序部分暂时除登陆外全部放行
        filterChainDefinitionMap.put("/wx/auth/login", "anon");
        filterChainDefinitionMap.put("/wx/**", "anon");
        filter.setFilterChainDefinitionMap(filterChainDefinitionMap);
        return filter;
    }

    //使用注解
    @Bean
    public AuthorizationAttributeSourceAdvisor authorizationAttributeSourceAdvisor(DefaultWebSecurityManager webSecurityManager) {
        AuthorizationAttributeSourceAdvisor sourceAdvisor = new AuthorizationAttributeSourceAdvisor();
        sourceAdvisor.setSecurityManager(webSecurityManager);
        return sourceAdvisor;
    }

    /**
     * 返回一个认证器
     *
     * @param adminRealm
     * @param wxRealm
     * @return
     */
    @Bean
    public CustomAuthenticator authenticator(AdminRealm adminRealm, WxRealm wxRealm) {
        CustomAuthenticator customAuthenticator = new CustomAuthenticator();
        ArrayList<Realm> realms = new ArrayList<>();
        realms.add(adminRealm);
        realms.add(wxRealm);
        customAuthenticator.setRealms(realms);
        return customAuthenticator;
    }
}
